Turn Controllers into Plants’ Bodyguards

Top 20 Secure PLC Coding Practices released

Y’all better get used to this beauty: The PLC Security Project’s logo

We tried to turn PLCs, often regarded the achilles heel of automated plants, into the plants’ ubiquitous and unrelenting body guards, one in front of each (back) door.

Why do we need this list?

If the list achieves nothing else, it is supposed to establish a common understanding of what PLC security even means; what we can expect from a PLC that has been “programmed securely”.

What does the document contain?

How do these practices improve security?

How were the Top 20 chosen?

Some practices are so basic. Why have you included them?

Case 1: Too basic for security people

Case 2: Too basic for PLC programmers

Case 3: Everyone does this anyway

Who did you have in mind while writing the document?

I want to contribute / I found a mistake.

Who is “we”?

What’s up next?

Download the latest Top 20 Secure PLC coding practices document at plc-security.com or follow our project’s twitter account, @secureplc.

Friction generates heat — true for writing and engineering. Fluchsfriction generates writings on security engineering. Heated debates welcome! CTO@admeritia